Permissions for access to documents can be configured at three levels:

 

1.Permissions for all content - granted to roles
2.Permissions for document types - granted to roles
3.Document-level permissions - granted to roles or individual users

 

Permissions from these three levels are merged together when checking if a user is a permitted to perform an action with a document. For example, to read a document, a user must have the Read permission on at least one of the three levels: either on document-level, or for the document's document type, or for all content.

 

Permissions for all content

 

In Site Manger -> Administration -> Permissions, there is a special permission matrix for controlling access to all documents within the content tree. It is the Modules -> Content permission matrix.

 

The following global permissions can be granted to particular roles:

 

Read - allows members of the role to view any document in the content tree
Modify - allows members of the role to modify any document in the content tree
Check in any document - authorizes user to perform the Check in or Undo check-out actions on the Properties -> Versions tab of a document
Create - allows members of the role to create any document in the content tree
Delete - allows members of the role to delete any document in the content tree
Manage workflow - allows members of the role to approve/reject any document at any workflow step
Destroy - allows members of the role to destroy any document (delete without undo option)
Modify permissions - manage local permissions of any document
Browse tree - allows members of the role to browse the content tree; if not assigned, the Content tab may not be displayed (unless the role has the Read permission for the CMS.Root document type or for the Root document (on document level))
Design website - allows members of the role to access the Design tab; please note: although users can make changes only to the current website, the changes may affect other websites if they modify a page template shared among multiple websites

 

Permissions for document types

 

Document type permissions allow control of access to all documents of a particular document type in the content tree. These permissions are assigned to roles in Administration -> Permissions, by selecting Permission type: Document types and choosing the document type from the Permission matrix drop-down list. All documents of a type will have access limited by the permissions configured for the document type.

 

You can grant the following document type permissions to particular roles:

 

Read - read all documents of this type
Create - create documents of this type
Modify - modify all documents of this type
Delete - delete all documents of this type
Destroy - destroy all documents of this type
Browse tree - display child documents of all documents of this type
Modify permissions - manage local permissions of all documents of this type

 

Document-level permissions

 

You can also configure permissions on document level, directly in the content tree. These permissions are merged with global permissions for all content (the Content module) and global permissions for document types. Document-level permissions are described in detail on the following page.

 

Page url: http://devnet.kentico.com/docs/5_5r2/devguide/index.html?document_permissions.htm